CVE-2024-7408 HIGH

CVE-2024-7408: Information Disclosure Vulnerability in Airveda Air Quality Monitor

Vendor Airveda
Product Air Quality Monitor PM2.5 PM10
Weakness CWE-319 · Cleartext transmission
Published August 9, 2024
Last update August 9, 2024

CVSS base score

8.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.

Key dates

02Disclosure timeline

August 9, 2024 CVE published
August 9, 2024 Record updated